Fix ntp multiple vulnerabilities.

[FreeBSD/releng/10.2.git] / contrib / ntp / ntpq / ntpq-opts.def

/* -*- Mode: Text -*- */

autogen definitions options;

#include copyright.def
#include homerc.def
#include autogen-version.def

prog-name      = "ntpq";
prog-title     = "standard NTP query program";
argument       = '[ host ...]';

flag = {
    name      = ipv4;
    flags-cant = ipv6;
    value     = 4;
    descrip   = "Force IPv4 DNS name resolution";
    doc = <<-  _EndOfDoc_
        Force DNS resolution of following host names on the command line
        to the IPv4 namespace.
        _EndOfDoc_;
};

flag = {
    name      = ipv6;
    flags-cant = ipv4;
    value     = 6;
    descrip   = "Force IPv6 DNS name resolution";
    doc = <<-  _EndOfDoc_
        Force DNS resolution of following host names on the command line
        to the IPv6 namespace.
        _EndOfDoc_;
};

flag = {
    name      = command;
    value     = c;
    arg-type  = string;
    descrip   = "run a command and exit";
    max       = NOLIMIT;
    arg-name  = cmd;
    call-proc = ntpq_custom_opt_handler;
    doc = <<-  _EndOfDoc_
        The following argument is interpreted as an interactive format command
        and is added to the list of commands to be executed on the specified
        host(s).
        _EndOfDoc_;
};

#include debug-opt.def

flag = {
    name      = interactive;
    value     = i;
    flags-cant = command, peers;
    descrip   = "Force ntpq to operate in interactive mode";
    doc = <<-  _EndOfDoc_
        Force @code{ntpq} to operate in interactive mode.
        Prompts will be written to the standard output and
        commands read from the standard input.
        _EndOfDoc_;
};

flag = {
    name      = numeric;
    value     = n;
    descrip   = "numeric host addresses";
    doc = <<-  _EndOfDoc_
        Output all host addresses in dotted-quad numeric format rather than
        converting to the canonical host names. 
        _EndOfDoc_;
};

flag = {
    name      = old-rv;
    descrip   = "Always output status line with readvar";
    doc = <<-  _EndOfDoc_
        By default, @code{ntpq} now suppresses the @code{associd=...}
        line that precedes the output of @code{readvar}
        (alias @code{rv}) when a single variable is requested, such as
        @code{ntpq -c "rv 0 offset"}.
        This option causes @code{ntpq} to include both lines of output
        for a single-variable @code{readvar}.
        Using an environment variable to
        preset this option in a script will enable both older and
        newer @code{ntpq} to behave identically in this regard.
        _EndOfDoc_;
};

flag = {
    name      = peers;
    value     = p;
    descrip   = "Print a list of the peers";
    flags-cant = interactive;
    call-proc = ntpq_custom_opt_handler;
    doc = <<-  _EndOfDoc_
        Print a list of the peers known to the server as well as a summary
        of their state. This is equivalent to the 'peers' interactive command.
        _EndOfDoc_;
};

flag = {
    name      = refid;
    value     = r;
    descrip   = "Set default display type for S2+ refids";
    arg-type  = keyword;
    keyword   = hash, ipv4;
    arg-default = ipv4;
    doc = <<-  _EndOfDoc_
        Set the default display format for S2+ refids.
        _EndOfDoc_;
};

flag = {
    name      = wide;
    value     = w;
    descrip   = "Display the full 'remote' value";
    doc = <<-  _EndOfDoc_
        Display the full value of the 'remote' value.  If this requires
        more than 15 characters, display the full value, emit a newline,
        and continue the data display properly indented on the next line.
        _EndOfDoc_;
};

doc-section     = {
  ds-type       = 'DESCRIPTION';
  ds-format     = 'mdoc';
  ds-text       = <<-  _END_PROG_MDOC_DESCRIP

The
.Nm
utility program is used to query NTP servers which
implement the standard NTP mode 6 control message formats defined
in Appendix B of the NTPv3 specification RFC1305, requesting
information about current state and/or changes in that state.
The same formats are used in NTPv4, although some of the
variables have changed and new ones added. The description on this
page is for the NTPv4 variables.
The program may be run either in interactive mode or controlled using
command line arguments.
Requests to read and write arbitrary
variables can be assembled, with raw and pretty-printed output
options being available.
The
.Nm
utility can also obtain and print a
list of peers in a common format by sending multiple queries to the
server.

If one or more request options is included on the command line
when
.Nm
is executed, each of the requests will be sent
to the NTP servers running on each of the hosts given as command
line arguments, or on localhost by default.
If no request options
are given,
.Nm
will attempt to read commands from the
standard input and execute these on the NTP server running on the
first host given on the command line, again defaulting to localhost
when no other host is specified.
The
.Nm
utility will prompt for
commands if the standard input is a terminal device.

.Nm
uses NTP mode 6 packets to communicate with the
NTP server, and hence can be used to query any compatible server on
the network which permits it.
Note that since NTP is a UDP protocol
this communication will be somewhat unreliable, especially over
large distances in terms of network topology.
The
.Nm
utility makes
one attempt to retransmit requests, and will time requests out if
the remote host is not heard from within a suitable timeout
time.

Specifying a
command line option other than
.Fl i
or
.Fl n
will
cause the specified query (queries) to be sent to the indicated
host(s) immediately.
Otherwise,
.Nm
will attempt to read
interactive format commands from the standard input.
.Ss "Internal Commands"
Interactive format commands consist of a keyword followed by zero
to four arguments.
Only enough characters of the full keyword to
uniquely identify the command need be typed.

A
number of interactive format commands are executed entirely within
the
.Nm
utility itself and do not result in NTP mode 6
requests being sent to a server.
These are described following.
.Bl -tag -width "? [command_keyword]" -compact -offset indent
.It Ic ? Op  Ar command_keyword
.It Ic help Op Ar command_keyword
A
.Ql \&?
by itself will print a list of all the command
keywords known to this incarnation of
.Nm .
A
.Ql \&?
followed by a command keyword will print function and usage
information about the command.
This command is probably a better
source of information about
.Nm
than this manual
page.
.It Ic addvars Ar variable_name Ns Xo Op Ic =value
.Ic ...
.Xc
.It Ic rmvars Ar variable_name Ic ...
.It Ic clearvars
.It Ic showvars
The data carried by NTP mode 6 messages consists of a list of
items of the form
.Ql variable_name=value ,
where the
.Ql =value
is ignored, and can be omitted,
in requests to the server to read variables.
The
.Nm
utility maintains an internal list in which data to be included in control
messages can be assembled, and sent using the
.Ic readlist
and
.Ic writelist
commands described below.
The
.Ic addvars
command allows variables and their optional values to be added to
the list.
If more than one variable is to be added, the list should
be comma-separated and not contain white space.
The
.Ic rmvars
command can be used to remove individual variables from the list,
while the
.Ic clearlist
command removes all variables from the
list.
The
.Ic showvars
command displays the current list of optional variables.
.It Ic authenticate Op yes | no
Normally
.Nm
does not authenticate requests unless
they are write requests.
The command
.Ql authenticate yes
causes
.Nm
to send authentication with all requests it
makes.
Authenticated requests causes some servers to handle
requests slightly differently, and can occasionally melt the CPU in
fuzzballs if you turn authentication on before doing a
.Ic peer
display.
The command
.Ql authenticate
causes
.Nm
to display whether or not
.Nm
is currently autheinticating requests.
.It Ic cooked
Causes output from query commands to be "cooked", so that
variables which are recognized by
.Nm
will have their
values reformatted for human consumption.
Variables which
.Nm
thinks should have a decodable value but didn't are
marked with a trailing
.Ql \&? .
.It Xo
.Ic debug
.Oo
.Cm more |
.Cm less |
.Cm off
.Oc
.Xc
With no argument, displays the current debug level.
Otherwise, the debug level is changed to the indicated level.
.It Ic delay Ar milliseconds
Specify a time interval to be added to timestamps included in
requests which require authentication.
This is used to enable
(unreliable) server reconfiguration over long delay network paths
or between machines whose clocks are unsynchronized.
Actually the
server does not now require timestamps in authenticated requests,
so this command may be obsolete.
.It Ic exit
Exit
.Nm .
.It Ic host Ar hostname
Set the host to which future queries will be sent.
.Ar hostname
may be either a host name or a numeric address.
.It Ic hostnames Op Cm yes | Cm no
If
.Cm yes
is specified, host names are printed in
information displays.
If
.Cm no
is specified, numeric
addresses are printed instead.
The default is
.Cm yes ,
unless
modified using the command line
.Fl n
switch.
.It Ic keyid Ar keyid
This command allows the specification of a key number to be
used to authenticate configuration requests.
This must correspond
to the
.Cm controlkey
key number the server has been configured to use for this
purpose.
.It Ic keytype Xo Oo
.Cm md5 |
.Cm OpenSSLDigestType
.Oc
.Xc
Specify the type of key to use for authenticating requests.
.Cm md5
is alway supported.
If
.Nm
was built with OpenSSL support,
any digest type supported by OpenSSL can also be provided.
If no argument is given, the current
.Ic keytype
is displayed.
.It Ic ntpversion Xo Oo
.Cm 1 |
.Cm 2 |
.Cm 3 |
.Cm 4
.Oc
.Xc
Sets the NTP version number which
.Nm
claims in
packets.
Defaults to 3, and note that mode 6 control messages (and
modes, for that matter) didn't exist in NTP version 1.
There appear
to be no servers left which demand version 1.
With no argument, displays the current NTP version that will be used
when communicating with servers.
.It Ic passwd
This command prompts you to type in a password (which will not
be echoed) which will be used to authenticate configuration
requests.
The password must correspond to the key configured for
use by the NTP server for this purpose if such requests are to be
successful.
.\" Not yet implemented.
.\" .It Ic poll
.\" .Op Ar n
.\" .Op Ic verbose
.\" Poll an NTP server in client mode
.\" .Ar n
.\" times.
.It Ic quit
Exit
.Nm .
.It Ic raw
Causes all output from query commands is printed as received
from the remote server.
The only formating/interpretation done on
the data is to transform nonascii data into a printable (but barely
understandable) form.
.It Ic timeout Ar milliseconds
Specify a timeout period for responses to server queries.
The
default is about 5000 milliseconds.
Note that since
.Nm
retries each query once after a timeout, the total waiting time for
a timeout will be twice the timeout value set.
.It Ic version
Print the version of the
.Nm
program.
.El

.Ss "Control Message Commands"
Association IDs are used to identify system, peer and clock variables.
System variables are assigned an association ID of zero and system name space, while each association is assigned a nonzero association ID and peer namespace.
Most control commands send a single mode-6 message to the server and expect a single response message.
The exceptions are the
.Li peers
command, which sends a series of messages,
and the
.Li mreadlist
and
.Li mreadvar
commands, which iterate over a range of associations.
.Bl -tag -width "something" -compact -offset indent
.It Cm associations
Display a list of mobilized associations in the form:
.Dl ind assid status conf reach auth condition last_event cnt
.Bl -column -offset indent ".Sy Variable" ".Sy Description"
.It Sy String Ta Sy Description
.It Li ind Ta index on this list
.It Li assid Ta association ID
.It Li status Ta peer status word
.It Li conf Ta Li yes : persistent, Li no : ephemeral
.It Li reach Ta Li yes : reachable, Li no : unreachable
.It Li auth Ta Li ok , Li yes , Li bad and Li none
.It Li condition Ta selection status (see the Li select field of the peer status word)
.It Li last_event Ta event report (see the Li event field of the peer status word)
.It Li cnt Ta event count (see the Li count field of the peer status word)
.El
.It Cm authinfo
Display the authentication statistics.
.It Cm clockvar Ar assocID Oo Ar name Ns Oo Cm = Ns Ar value Oc Oc Op ...
.It Cm cv Ar assocID Oo Ar name Ns Oo Cm = Ns Ar value Oc Oc Op ...
Display a list of clock variables for those associations supporting a reference clock.
.It Cm :config Op ...
Send the remainder of the command line, including whitespace, to the server as a run-time configuration command in the same format as a line in the configuration file. This command is experimental until further notice and clarification. Authentication is of course required.
.It Cm config-from-file Ar filename
Send the each line of
.Ar filename
to the server as run-time configuration commands in the same format as a line in the configuration file. This command is experimental until further notice and clarification. Authentication is required.
.It Ic ifstats
Display statistics for each local network address. Authentication is required.
.It Ic iostats
Display network and reference clock I/O statistics.
.It Ic kerninfo
Display kernel loop and PPS statistics. As with other ntpq output, times are in milliseconds. The precision value displayed is in milliseconds as well, unlike the precision system variable.
.It Ic lassociations
Perform the same function as the associations command, except display mobilized and unmobilized associations.
.It Ic lopeers Xo
.Oo Ic -4 |
.Ic -6
.Oc
.Xc
Obtain and print a list of all peers and clients showing
.Ar dstadr
(associated with any given IP version).
.It Ic lpeers Xo
.Oo Ic -4 |
.Ic -6
.Oc
.Xc
Print a peer spreadsheet for the appropriate IP version(s).
.Ar dstadr
(associated with any given IP version).
.It Ic monstats
Display monitor facility statistics.
.It Ic mrulist Oo Ic limited | Ic kod | Ic mincount Ns = Ns Ar count | Ic laddr Ns = Ns Ar localaddr | Ic sort Ns = Ns Ar sortorder | Ic resany Ns = Ns Ar hexmask | Ic resall Ns = Ns Ar hexmask Oc
Obtain and print traffic counts collected and maintained by the monitor facility.
With the exception of
.Cm sort Ns = Ns Ar sortorder ,
the options filter the list returned by
.Cm ntpd.
The
.Cm limited
and
.Cm kod
options return only entries representing client addresses from which the last packet received triggered either discarding or a KoD response.
The
.Cm mincount Ns = Ns Ar count
option filters entries representing less than
.Ar count
packets.
The
.Cm laddr Ns = Ns Ar localaddr
option filters entries for packets received on any local address other than
.Ar localaddr .
.Cm resany Ns = Ns Ar hexmask
and
.Cm resall Ns = Ns Ar hexmask
filter entries containing none or less than all, respectively, of the bits in
.Ar hexmask ,
which must begin with
.Cm 0x .
The
.Ar sortorder
defaults to
.Cm lstint
and may be any of
.Cm addr ,
.Cm count ,
.Cm avgint ,
.Cm lstint ,
or any of those preceded by a minus sign (hyphen) to reverse the sort order.
The output columns are:
.Bl -tag -width "something" -compact -offset indent
.It Column
Description
.It Ic lstint
Interval in s between the receipt of the most recent packet from this address and the completion of the retrieval of the MRU list by
.Nm .
.It Ic avgint
Average interval in s between packets from this address.
.It Ic rstr
Restriction flags associated with this address.
Most are copied unchanged from the matching
.Ic restrict
command, however 0x400 (kod) and 0x20 (limited) flags are cleared unless the last packet from this address triggered a rate control response.
.It Ic r
Rate control indicator, either
a period,
.Ic L
or
.Ic K
for no rate control response,
rate limiting by discarding, or rate limiting with a KoD response, respectively.
.It Ic m
Packet mode.
.It Ic v
Packet version number.
.It Ic count
Packets received from this address.
.It Ic rport
Source port of last packet from this address.
.It Ic remote address
DNS name, numeric address, or address followed by
claimed DNS name which could not be verified in parentheses.
.El
.It Ic mreadvar assocID assocID Oo Ar variable_name Ns Oo = Ns Ar value Oc Oc ...
.It Ic mrv assocID assocID Oo Ar variable_name Ns Oo = Ns Ar value Oc Oc ...
Perform the same function as the
.Ic readvar
command, except for a range of association IDs.
This range is determined from the association list cached by the most recent
.Ic associations
command.
.It Ic opeers Xo
.Oo Ic -4 |
.Ic -6
.Oc
.Xc
Obtain and print the old-style list of all peers and clients showing
.Ar dstadr
(associated with any given IP version),
rather than the
.Ar refid .
.It Ic passociations
Perform the same function as the
.Ic associations
command,
except that it uses previously stored data rather than making a new query.
.It Ic peers
Display a list of peers in the form:
.Dl [tally]remote refid st t when pool reach delay offset jitter
.Bl -tag -width "something" -compact -offset indent
.It Variable
Description
.It Ic [tally]
single-character code indicating current value of the
.Ic select
field of the
.Lk decode.html#peer "peer status word"
.It Ic remote
host name (or IP number) of peer.
The value displayed will be truncated to 15 characters  unless the
.Fl w
flag is given, in which case the full value will be displayed
on the first line,
and the remaining data is displayed on the next line.
.It Ic refid
association ID or
.Lk decode.html#kiss "'kiss code"
.It Ic st
stratum
.It Ic t
.Ic u :
unicast or manycast client,
.Ic b :
broadcast or multicast client,
.Ic l :
local (reference clock),
.Ic s :
symmetric (peer),
.Ic A :
manycast server,
.Ic B :
broadcast server,
.Ic M :
multicast server
.It Ic when
sec/min/hr since last received packet
.It Ic poll
poll interval (log2 s)
.It Ic reach
reach shift register (octal)
.It Ic delay
roundtrip delay
.It Ic offset
offset of server relative to this host
.It Ic jitter
jitter
.El
.It Ic apeers
Display a list of peers in the form:
.Dl [tally]remote refid assid st t when pool reach delay offset jitter
where the output is just like the
.Ic peers
command except that the
.Ic refid
is displayed in hex format and the association number is also displayed.
.It Ic pstats Ar assocID
Show the statistics for the peer with the given
.Ar assocID .
.It Ic readlist Ar assocID
.It Ic rl Ar assocID
Read the system or peer variables included in the variable list.
.It Ic readvar Ar assocID Ar name Ns Oo Ns = Ns Ar value Oc  Oo , ... Oc
.It Ic rv Ar assocID Ar name Ns Oo Ns = Ns Ar value Oc  Oo , ... Oc
Display the specified variables.
If
.Ar assocID
is zero, the variables are from the
.Sx System Variables
name space, otherwise they are from the
.Sx Peer Variables
name space.
The
.Ar assocID
is required, as the same name can occur in both spaces.
If no
.Ar name
is included, all operative variables in the name space are displayed.

In this case only, if the
.Ar assocID
is omitted, it is assumed zero.
Multiple names are specified with comma separators and without whitespace.
Note that time values are represented in milliseconds
and frequency values in parts-per-million (PPM).
Some NTP timestamps are represented in the format
YYYYMMDDTTTT ,
where YYYY is the year,
MM the month of year,
DD the day of month and
TTTT the time of day.
.It Ic reslist
Show the access control (restrict) list for
.Nm .

.It Ic saveconfig Ar filename
Write the current configuration,
including any runtime modifications given with
.Ic :config
or
.Ic config-from-file ,
to the ntpd host's file
.Ar filename .
This command will be rejected by the server unless
.Lk miscopt.html#saveconfigdir "saveconfigdir"
appears in the
.Ic ntpd
configuration file.
.Ar filename
can use
.Xr strftime
format specifies to substitute the current date and time, for example,
.Ic q]saveconfig ntp-%Y%m%d-%H%M%S.confq] .
The filename used is stored in system variable
.Ic savedconfig .
Authentication is required.
.It Ic timerstats
Display interval timer counters.
.It Ic writelist Ar assocID
Write the system or peer variables included in the variable list.
.It Ic writevar Ar assocID Ar name Ns = Ns Ar value Op , ...
Write the specified variables.
If the
.Ar assocID
is zero, the variables are from the
.Sx System Variables
name space, otherwise they are from the
.Sx Peer Variables
name space.
The
.Ar assocID
is required, as the same name can occur in both spaces.
.It Ic sysinfo
Display operational summary.
.It Ic sysstats
Print statistics counters maintained in the protocol module.
.El

.Ss Status Words and Kiss Codes

The current state of the operating program is shown
in a set of status words
maintained by the system.
Status information is also available on a per-association basis.
These words are displayed in the
.Ic rv
and
.Ic as
commands both in hexadecimal and in decoded short tip strings.
The codes, tips and short explanations are documented on the
.Lk decode.html "Event Messages and Status Words"
page.
The page also includes a list of system and peer messages,
the code for the latest of which is included in the status word.
.Pp
Information resulting from protocol machine state transitions
is displayed using an informal set of ASCII strings called
.Lk decode.html#kiss "kiss codes" .
The original purpose was for kiss-o'-death (KoD) packets
sent by the server to advise the client of an unusual condition.
They are now displayed, when appropriate,
in the reference identifier field in various billboards.

.Ss System Variables
The following system variables appear in the
.Ic rv
billboard.
Not all variables are displayed in some configurations.
.Bl -tag -width "something" -compact -offset indent
.It Variable
Description
.It Ic status
.Lk decode.html#sys "system status word"
.It Ic version
NTP software version and build time
.It Ic processor
hardware platform and version
.It Ic system
operating system and version
.It Ic leap
leap warning indicator (0-3)
.It Ic stratum
stratum (1-15)
.It Ic precision
precision (log2 s)
.It Ic rootdelay
total roundtrip delay to the primary reference clock
.It Ic rootdisp
total dispersion to the primary reference clock
.It Ic peer
system peer association ID
.It Ic tc
time constant and poll exponent (log2 s) (3-17)
.It Ic mintc
minimum time constant (log2 s) (3-10)
.It Ic clock
date and time of day
.It Ic refid
reference ID or
.Lk decode.html#kiss "kiss code"
.It Ic reftime
reference time
.It Ic offset
combined  offset of server relative to this host
.It Ic sys_jitter
combined system jitter
.It Ic frequency
frequency offset (PPM) relative to hardware clock
.It Ic clk_wander
clock frequency wander (PPM)
.It Ic clk_jitter
clock jitter
.It Ic tai
TAI-UTC offset (s)
.It Ic leapsec
NTP seconds when the next leap second is/was inserted
.It Ic expire
NTP seconds when the NIST leapseconds file expires
.El
The jitter and wander statistics are exponentially-weighted RMS averages.
The system jitter is defined in the NTPv4 specification;
the clock jitter statistic is computed by the clock discipline module.
.Pp
When the NTPv4 daemon is compiled with the OpenSSL software library,
additional system variables are displayed,
including some or all of the following,
depending on the particular Autokey dance:

.Bl -tag -width "something" -compact -offset indent
.It Variable
Description
.It Ic host
Autokey host name for this host
.It Ic ident
Autokey group name for this host
.It Ic flags
host flags  (see Autokey specification)
.It Ic digest
OpenSSL message digest algorithm
.It Ic signature
OpenSSL digest/signature scheme
.It Ic update
NTP seconds at last signature update
.It Ic cert
certificate subject, issuer and certificate flags
.It Ic until
NTP seconds when the certificate expires
.El
.Ss Peer Variables
The following peer variables appear in the
.Ic rv
billboard for each association.
Not all variables are displayed in some configurations.

.Bl -tag -width "something" -compact -offset indent
.It Variable
Description
.It Ic associd
association ID
.It Ic status
.Lk decode.html#peer "peer status word"
.It Ic srcadr
source (remote) IP address
.It Ic srcport
source (remote) port
.It Ic dstadr
destination (local) IP address
.It Ic dstport
destination (local) port
.It Ic leap
leap indicator (0-3)
.It Ic stratum
stratum (0-15)
.It Ic precision
precision (log2 s)
.It Ic rootdelay
total roundtrip delay to the primary reference clock
.It Ic rootdisp
total root dispersion to the primary reference clock
.It Ic refid
reference ID or
.Lk decode.html#kiss "kiss code"
.It Ic reftime
reference time
.It Ic reach
reach register (octal)
.It Ic unreach
unreach counter
.It Ic hmode
host mode (1-6)
.It Ic pmode
peer mode (1-5)
.It Ic hpoll
host poll exponent (log2 s) (3-17)
.It Ic ppoll
peer poll exponent (log2 s) (3-17)
.It Ic headway
headway (see
.Lk rate.html "Rate Management and the Kiss-o'-Death Packet" )
.It Ic flash
.Lk decode.html#flash "flash status word"
.It Ic offset
filter offset
.It Ic delay
filter delay
.It Ic dispersion
filter dispersion
.It Ic jitter
filter jitter
.It Ic ident
Autokey group name for this association
.It Ic bias
unicast/broadcast bias
.It Ic xleave
interleave delay (see
.Lk xleave.html "NTP Interleaved Modes" )
.El
The
.Ic bias
variable is calculated when the first broadcast packet is received
after the calibration volley.
It represents the offset of the broadcast subgraph relative to the unicast subgraph.
The
.Ic xleave
variable appears only for the interleaved symmetric and interleaved modes.
It represents the internal queuing, buffering and transmission delays
for the preceding packet.
.Pp
When the NTPv4 daemon is compiled with the OpenSSL software library,
additional peer variables are displayed, including the following:
.Bl -tag -width "something" -compact -offset indent
.It Variable
Description
.It Ic flags
peer flags (see Autokey specification)
.It Ic host
Autokey server name
.It Ic flags
peer flags (see Autokey specification)
.It Ic signature
OpenSSL digest/signature scheme
.It Ic initsequence
initial key ID
.It Ic initkey
initial key index
.It Ic timestamp
Autokey signature timestamp
.El

.Ss Clock Variables
The following clock variables appear in the
.Ic cv
billboard for each association with a reference clock.
Not all variables are displayed in some configurations.
.Bl -tag -width "something" -compact -offset indent
.It Variable
Description
.It Ic associd
association ID
.It Ic status
.Lk decode.html#clock "clock status word"
.It Ic device
device description
.It Ic timecode
ASCII time code string (specific to device)
.It Ic poll
poll messages sent
.It Ic noreply
no reply
.It Ic badformat
bad format
.It Ic baddata
bad date or time
.It Ic fudgetime1
fudge time 1
.It Ic fudgetime2
fudge time 2
.It Ic stratum
driver stratum
.It Ic refid
driver reference ID
.It Ic flags
driver flags
.El
        _END_PROG_MDOC_DESCRIP;
};